Beware of Pell Grant Phishing Campaign

What happened?

An advisory has just been released by one the Higher Education cybersecurity communication groups alerting us to two phishing campaigns targeting students using the lure of the Pell Grant.  

The first one attempts to contact students by text message, a form of phishing called “SMiShing,” congratulating them on their acceptance into the Pell Grant Award program and instructing them to look for an email and to respond immediately. Within minutes the individual receives an email requesting that they reply with personal information about themselves.  

The second phishing email that has been reported includes the subject line: **CARES Pandemic Grant for Students*** and includes a malicious link that also attempts to gather personal information about the student.  

At the current time we are not aware of any FIT students receiving either of these phishing campaigns.

What can you do to protect yourself?

  • If you received an email from “studentgrantdesk@outlook[.]com” or received and email with the subject “**CARES Pandemic Grant for Students***” immediately mark the email as a phish in Google, report it to [email protected], or open a ticket at techhelp.fitnyc.edu.

  • Use extreme caution when receiving emails with attachments and links. These links or attachments can be malware that will infect your computer. What looks like a legitimate hyperlink can be a link to a criminal website. When in doubt, hover your mouse over the text of the hyperlink; you should see the full URL, which will help to show whether it leads to a legitimate website.

  • Never send personal information over email if you are not 100% certain that the email is legitimate, or better yet, use the grant provider’s online information system or secure portal to provide anything personal about yourself or your finances.

  • If you are unsure about an email, contact the sender to confirm using a valid method that is known to you. Don’t use a phone number or email supplied in the suspicious email.

  • Lock down your personal information by enabling two-factor authentication on your FIT Google account and on as many of your online financial accounts as possible.